Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
October 6, 2025
A hacking consortium claims Salesloft OAuth tokens were abused to extract CRM records from 700+ companies; Salesforce says claims relate
Cybersecurity
Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
A hacking consortium claims Salesloft OAuth tokens were abused to extract CRM records from 700+ companies; Salesforce says claims relate to past or unverified incidents ...
Discord Discloses Support Ticket Breach After Unauthorized Access to Third-Party System
Discord confirmed attackers accessed a third-party support system, stealing support tickets, IDs, IPs, messages and partial billing data; investigation and user notifications are ongoing.
VMware Virtual Machines Targeted in Zero-Day Exploitation by China-Linked Hackers
Broadcom warns of zero-day flaws in VMware software exploited by China-linked hackers, allowing privilege escalation for months, raising concerns over virtualization security and global enterprise ...
Boeing Supplier Dimensional Control Systems Targeted in Ransomware Attack
J Group ransomware gang claims to have stolen 11GB of sensitive internal documents from Boeing supplier Dimensional Control Systems, raising cybersecurity concerns across global manufacturing ...
Lynx Claims Ransomware Intrusion at TriMed Subsidiary of Henry Schein
Lynx claims a ransomware intrusion at TriMed, posting alleged executive, legal, employee and proprietary files; Henry Schein is investigating with law enforcement and forensic partners.
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Red Hat confirmed unauthorized access to a consulting GitLab instance; an extortion group claims to have exfiltrated 570.2 GB from 28,000 repositories, including ~800 CERs.
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Discord Discloses Support Ticket Breach After Unauthorized Access to Third-Party System
October 6, 2025
Discord confirmed attackers accessed a third-party support system, stealing support tickets, IDs, IPs, messages and partial billing data; investigation and
VMware Virtual Machines Targeted in Zero-Day Exploitation by China-Linked Hackers
October 6, 2025
Broadcom warns of zero-day flaws in VMware software exploited by China-linked hackers, allowing privilege escalation for months, raising concerns over
Boeing Supplier Dimensional Control Systems Targeted in Ransomware Attack
October 6, 2025
J Group ransomware gang claims to have stolen 11GB of sensitive internal documents from Boeing supplier Dimensional Control Systems, raising
Lynx Claims Ransomware Intrusion at TriMed Subsidiary of Henry Schein
October 6, 2025
Lynx claims a ransomware intrusion at TriMed, posting alleged executive, legal, employee and proprietary files; Henry Schein is investigating with
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
October 5, 2025
Red Hat confirmed unauthorized access to a consulting GitLab instance; an extortion group claims to have exfiltrated 570.2 GB from
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
October 2, 2025
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
October 2, 2025
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
October 2, 2025
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events,
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
October 2, 2025
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.